feat($Gateway): secure gateway swagger

Configure `allowApplicationList` in application-*.yml
johnnymillergh · May 11, 2020 · 9207062 · 9207062
1 parent b2e14ee
commit 9207062
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 11 deletions.
diff --git a/...way/src/main/java/com/jmsoftware/gateway/universal/configuration/CustomConfiguration.java b/...way/src/main/java/com/jmsoftware/gateway/universal/configuration/CustomConfiguration.java
@@ -0,0 +1,26 @@
+package com.jmsoftware.gateway.universal.configuration;
+
+import com.google.common.collect.Lists;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * <h1>CustomConfiguration</h1>
+ * <p>Custom configurations which are written in .yml files, containing a variety of fragmentary configs. Such as,
+ * Druid login info, web security switch, web log and so on.</p>
+ *
+ * @author Johnny Miller (鍾俊), email: johnnysviva@outlook.com
+ * @date 2019-03-23 14:24
+ **/
+@Data
+@Component
+@ConfigurationProperties(prefix = "custom.configuration")
+public class CustomConfiguration {
+    /**
+     * The Allowed application list. If it's empty, gateway will allow all request to any applications (microservices)
+     */
+    private List<String> allowedApplicationList = Lists.newLinkedList();
+}
diff --git a/...src/main/java/com/jmsoftware/gateway/universal/configuration/SwaggerResourceProvider.java b/...src/main/java/com/jmsoftware/gateway/universal/configuration/SwaggerResourceProvider.java
@@ -1,15 +1,19 @@
 package com.jmsoftware.gateway.universal.configuration;
 
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.json.JSONUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import lombok.val;
 import org.springframework.cloud.gateway.config.GatewayProperties;
 import org.springframework.cloud.gateway.route.RouteLocator;
 import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Component;
 import springfox.documentation.swagger.web.SwaggerResource;
 import springfox.documentation.swagger.web.SwaggerResourcesProvider;
 
-import java.util.ArrayList;
+import java.util.LinkedList;
 import java.util.List;
 
 /**
@@ -27,14 +31,15 @@
  * <a href='https://doc.xiaominfo.com/guide/ui-front-gateway.html#%E6%96%87%E6%A1%A3%E8%81%9A%E5%90%88%E4%B8%9A%E5%8A%A1%E7%BC%96%E7%A0%81'>文档聚合业务编码</a>
  **/
 @Slf4j
-@Component
 @Primary
+@Component
 @RequiredArgsConstructor
 public class SwaggerResourceProvider implements SwaggerResourcesProvider {
-    public static final String API_URI = "/v2/api-docs";
+    public static final String SWAGGER_API_URI = "/v2/api-docs";
     private final RouteLocator routeLocator;
     private final GatewayProperties gatewayProperties;
     private final ProjectProperty projectProperty;
+    private final CustomConfiguration customConfiguration;
 
     /**
      * Generate Swagger resource.
@@ -45,18 +50,29 @@ public class SwaggerResourceProvider implements SwaggerResourcesProvider {
      */
     @Override
     public List<SwaggerResource> get() {
-        var swaggerResourceList = new ArrayList<SwaggerResource>();
+        val swaggerResourceList = new LinkedList<SwaggerResource>();
         routeLocator.getRoutes().subscribe(route -> {
-            var serviceName = route.getUri().toString().substring(4).toLowerCase();
-            log.info("Gateway found dynamic route for [{}] from subscription. {}", serviceName, route);
-            var swaggerResource = new SwaggerResource();
-            swaggerResource.setName(serviceName.substring(1).toUpperCase());
-            swaggerResource.setLocation(String.format("%s%s", serviceName, API_URI));
+            val serviceName = route.getUri().toString().substring(5).toLowerCase();
+            log.info("{} found dynamic route for [{}] from subscription. {}", projectProperty.getProjectArtifactId(),
+                     serviceName, route);
+            val swaggerResource = new SwaggerResource();
+            swaggerResource.setName(serviceName.toUpperCase());
+            swaggerResource.setLocation(String.format("%s%s", serviceName, SWAGGER_API_URI));
             swaggerResource.setSwaggerVersion("2.0");
-            swaggerResourceList.add(swaggerResource);
+            log.info("Got allowed application list: {}", customConfiguration.getAllowedApplicationList());
+            if (CollUtil.isEmpty(customConfiguration.getAllowedApplicationList())) {
+                log.warn("Allowed application list is not configured. Swagger is able to access any applications.");
+                swaggerResourceList.add(swaggerResource);
+            } else {
+                customConfiguration.getAllowedApplicationList().forEach(allocationName -> {
+                    if (StrUtil.compareIgnoreCase(serviceName, allocationName, false) == 0) {
+                        log.warn("Swagger is adding resource. {}", JSONUtil.toJsonStr(swaggerResource));
+                        swaggerResourceList.add(swaggerResource);
+                    }
+                });
+            }
         });
         log.info("Pre defined GatewayProperties. {}", gatewayProperties);
-        log.info("Swagger resource updated. {}", swaggerResourceList);
         return swaggerResourceList;
     }
 }
diff --git a/gateway/src/main/resources/application-development-docker.yml b/gateway/src/main/resources/application-development-docker.yml
@@ -9,3 +9,8 @@ eureka:
     registryFetchIntervalSeconds: 5
     serviceUrl:
       defaultZone: http://localhost:8760/eureka/
+
+custom:
+  configuration:
+    # Leave `allowed-application-list` empty
+    allowed-application-list:
diff --git a/gateway/src/main/resources/application-development-local.yml b/gateway/src/main/resources/application-development-local.yml
@@ -9,3 +9,8 @@ eureka:
     registryFetchIntervalSeconds: 5
     serviceUrl:
       defaultZone: http://localhost:8760/eureka/
+
+custom:
+  configuration:
+    # Leave `allowed-application-list` empty
+    allowed-application-list:
diff --git a/gateway/src/main/resources/application-production.yml b/gateway/src/main/resources/application-production.yml
@@ -9,3 +9,9 @@ eureka:
     registryFetchIntervalSeconds: 5
     serviceUrl:
       defaultZone: http://localhost:8760/eureka/
+
+custom:
+  configuration:
+    # Production swagger can only see "api-portal"
+    allowed-application-list:
+      - "api-portal"
diff --git a/gateway/src/main/resources/application-stage.yml b/gateway/src/main/resources/application-stage.yml
@@ -9,3 +9,9 @@ eureka:
     registryFetchIntervalSeconds: 5
     serviceUrl:
       defaultZone: http://localhost:8760/eureka/
+
+custom:
+  configuration:
+    # Stage swagger can only see "api-portal"
+    allowed-application-list:
+      - "api-portal"
diff --git a/gateway/src/main/resources/application-test.yml b/gateway/src/main/resources/application-test.yml
@@ -9,3 +9,8 @@ eureka:
     registryFetchIntervalSeconds: 5
     serviceUrl:
       defaultZone: http://localhost:8760/eureka/
+
+custom:
+  configuration:
+    # Leave `allowed-application-list` empty
+    allowed-application-list: